Upload
arjun-arjun
View
222
Download
0
Embed Size (px)
Citation preview
8/12/2019 21CFRPart11
1/8
1. Understanding 21 CFR Part 11
The 21 CFR Part 11 regulation was created to maintain the trustworthiness,
reliability, and integrity of electronic records, and to ensure that the
authenticity of electronic records would be equivalent to paper records when
submitted. Therefore, it includes acceptance criteria for both electronic records
and electronic signatures. It does not intend or mandate that these replace
paper records, but rather provides guidelines in the event that they are used.
The following definitions will be used throughout this document and are
defined as stated in Rule 21 CFR Part 11:
Electronic Record: Any combination of text, graphics, data, audio,pictorial, or other information representation in digital form that is
created, modified, maintained, archived, retrieved, or distributed by
a computer system.
Electronic Signature: A computer data compilation of any symbol
or series of symbols executed, adopted, or authorized by an individual to
be the legally binding equivalent of the individuals handwritten signature.
Closed System: An environment in which system access is controlled
by persons who are responsible for the content of the electronic records
that are on the system.
Digital Signature: An electronic signature based upon cryptographic
methods of originator authentication, computed by using a set of rules
and a set of parameters such that the identity of the signer and theintegrity of the data can be verified.
Biometrics: A method of verifying an individuals identity based on
measurement of the individuals physical feature(s) or repeatable action(s)
where those features and/or actions are both unique to that individual
and measurable.
Xcalibur
DataSystem
21 CFR Part 11 Compliance
On August 20 of 1997, the United States Food and
Drug Administration (FDA) issued a document
known as Rule 21 CFR Part 11. This was requested
and developed with input from the pharmaceutical
industry and outlines the FDA criteria for accepting
electronic records and signatures. All companies
and industries who submit or utilize electronic
records and/or signatures regulated by the FDA
must comply with this federal regulation.
8/12/2019 21CFRPart11
2/8
2. The Xcalibur Data System
The Xcalibur data system provides instrument control and data analysis
for the entire family of Thermo Electron mass spectrometers and related
instruments. The easy-to-use interface enables quick and efficient acquisition,
data processing and results delivery. Xcaliburs wide range of functionality
and ability to integrate third-party control provides the tools to perform
a broad range of applications.
This document explains how Thermos Xcalibur data system can help you
achieve 21 CFR Part 11 compliance. The timeline for achieving compliance
and the details on how various aspects of compliance will be achieved are all
documented in the following sections.
2.1 Thermo Electrons 21 CFR Part 11 Compliance StatementAbout Xcalibur
By the definition supplied by the FDA, Xcalibur software falls within the
definition of a closed system. Xcalibur is currently partially compliant with
21 CFR Part 11, but can not be configured to meet all the requirements until
version 2.0. It should be noted that LCQUAN 2.0 will support compliance with
the provisions of 21 CFR Part 11 and will run on both Xcalibur 1.3 and 1.4.
Xcalibur 1.3 and 1.4 by themselves can not be used to achieve compliance to
the regulation.
Xcalibur 2.0 will be one of several tools that can be used to achieve
compliance with the 21 CFR Part 11 rule. The customers internal Standard
Operating Procedures (SOPs) contain many of the tools necessary to
demonstrate to the FDA that electronic records and signatures can be
generated and controlled according to the FDA provisions of 21 CFR Part 11.
This includes but is not limited to, password user id protocol and long-term
archiving. This fully-compliant enabled version of Xcalibur will be available
in the first quarter of 2005. Each requirement is further described and detailed
in Section 2.2.
2.2 Details of 21 CFR Part 11 Compliance Coverage
Rule 21 CFR Part 11 is broken into three subparts. Subpart A provides the
general provisions of the regulation. Using the definition supplied by the
regulation in Subpart A, the Xcalibur data system falls within the scope of
a closed system. Subpart B covers the electronic records portion of the
regulation. A closed system such as Xcalibur therefore falls under
Section 11.10 of Subpart B. Subpart C covers the electronic signature portion
of the rule and is also applicable to Xcalibur. The following table lists the
various sections found in Subparts B and C of the regulation, and how
Xcalibur 2.0 will address these parts.
Xcal i burDat aSyst e
m
8/12/2019 21CFRPart11
3/8
Rule LCQUAN 2.0 (withRule ID Text of 21 CFR Part 11 Apply? Xcalibur 2.0 Xcalibur 1.3 and 1.4)
11.10 (a) Validation of systems to ensure
accuracy, reliability, consistent
intended performance
N/A It will be the responsibility of the end user to
validate the system. Thermo Electron is able to
assist by supplying validation materials.
Same
and the ability to discern
invalid records
Yes Invalid records will be discerned through the
use of the CRC feature of a file. Unexpected
changes to records (outside of our
applications) will be detected by checksum
mechanisms.
Same
and the ability to discern
altered records
Yes Altered records will be detected through use of
the CRC feature of a file. Unexpected changes
to records (outside of our applications) will be
detected by checksum mechanisms.
Same
11.10 (b) The ability to generate accurate
and complete copies of records
in both human readable and
electronic form suitable for
inspections, review, and copying
by the agency
Yes Xcalibur records will be displayed using the
applications supplied in the software. Xcalibur
records and audit trails will be printed using
standard reports or customized reports.
Same
11.10 (c) Protection of records to enable
their accurate and ready retrieval
throughout the records retention
period
Yes It will be the responsibility of the end user to
establish standard operating procedures
(SOPs) ensuring the proper security and
archiving of electronic records. Xcalibur will
utilize a secure permissions folder that
prevents deletion or modification of records.
Xcalibur software development will ensure that
electronic records from previous versions of
software are compatible with the latest version
of Xcalibur.
Same
11.10 (d) Limiting system access to
authorized individuals
Yes Xcalibur 2.0 will operate on the Microsoft
Windows XP operating system and will usethe Authorization tool to set permissions for
run access to the application.
It will be the responsibility of the end user to
establish SOPs governing the issuance and
security of account names and passwords.
Same except that
LCQUAN 2.0 willrun on the Windows
2000 operating
system.
21CFRPart11Compliance
11.10 (e) Use of secure, computer-generated,
time-stamped audit trails to
independently record the date and
time of operator entries and actions
that create, modify, or delete
electronic records
Yes Xcalibur records will contain audit trails that
are generated independently of the user.
The audit trails will capture the operator user
name, date, time, what application is being
used, what has been changed, which version
of the software is being used, and who is
allowed to change it.
The version of the
software will not be
captured. LCQUAN
will have no facilities
to delete files,
therefore we will not
monitor deletion.
Record changes shall not obscure
previously recorded information
Yes The audit trail will not be overwritten but
updated to include the parameter that has
changed, the previous value and the new
value.
Same
Such audit trail documentation shall
be retained for a period at least as
long as that required for the subject
electronic records
continue
Yes Xcalibur audit trails will be a separate
electronic record and exist as long as the
electronic record exists. The retention
of records will depend on the end user.
Nothing in Xcalibur will prevent the
retention of the record.
Same
8/12/2019 21CFRPart11
4/8
Xcal i burDat aSyst e
m
Rule LCQUAN 2.0 (withRule ID Text of 21 CFR Part 11 Apply? Xcalibur 2.0 Xcalibur 1.3 and 1.4)
11.10 (e) and shall be available for agency
review and copying
Yes Xcalibur audit trail information will be
displayed, copied and printed.
Audit trail information
will be printed. This
information can also
be copied but the copy
will be an orphan. No
workbook will use the
copy.
11.10 (f) Use of operational system checks
to enforce permitted sequencing
of steps and events, as appropriate
Yes In those instances where Xcalibur has a critical
workflow, internal checks will be enforced via
the Authorization tool.
Internal checks will
be enforced to
assure that required
sequence will be
followed.
11.10 (g) Use of authority checks to ensure
only authorized individuals can use
the system, electronically sign a
record, access the operation or
computer system input or output
device, alter a record, or perform
the operation at hand
Yes Xcalibur will operate on the Windows XP
platform. Windows XP requires a user account
name and login to access the operating
system.
It will be the responsibility of the end user to
establish SOPs setting forth the guidelines for
accessing the system.
Authorization tool
used in conjunction
with Windows
security.
11.10 (h) Use of device (e.g., terminal) checks
to determine, as appropriate, the
validity of the source of data input
or operational instruction
No Where this condition exists, all appropriate
checks will be performed.
Same
11.10 (i) Determination that persons who
develop, maintain, or use electronic
record/electronic signature systems
have the education, training, and
experience to perform their
assigned task
Yes Thermo Electron will ensure that those who
develop and maintain our 21 CFR Part 11
software have the education, training, and
experience necessary.
It will be the responsibility of the end user
to establish the policies and SOPs required
to ensure their personnel meet the requirement
of this sub-section.
Same
11.10 (j) The establishment of, and
adherence to, written policies that
hold individuals accountable and
responsible for actions initiated
under their electronic signatures, in
order to deter record and signature
falsification
N/A It will be the responsibility of the end user
to establish the policies and SOPs required
to meet the requirement of this sub-section.
Same
11.10 (k) Use of appropriate controls over
systems documentation including:
(1) Adequate controls over the
distribution of, access to, anduse of documentation for
system operation and
maintenance
(2) Revision and change control
procedures to maintain an
audit trail that documents
time-sequenced development
and modification of systems
documentation
N/A
Yes
It will be the responsibility of the end user
to establish the policies and SOPs required
to meet the requirement of this sub-section.
The Xcalibur manuals supplied to the customer
will be under revision and change control
procedures.
The online Help supplied in Xcalibur are
electronic records that currently are not
expected to contain an audit trail feature.
Same
Same
8/12/2019 21CFRPart11
5/8
Rule LCQUAN 2.0 (withRule ID Text of 21 CFR Part 11 Apply? Xcalibur 2.0 Xcalibur 1.3 and 1.4)
11.30 Controls for Open Systems N/A Xcalibur is a closed system. Therefore, controls
for open systems are not discussed in this
document.
Same
11.50 (b) The items identified in paragraphs
a-1, a-2, and a-3 of this section shall
be subject to the same controls as
for electronic records, and shall
be included as part of any human
readable form of the electronic
record (such as electronic display
or printout)
Yes Xcalibur will keep as part of the electronic
record the signature, date and time, and
meaning.
Same
11.100 (b) Before an organization establishes,
assigns, certifies, or otherwise
sanctions an individuals electronic
signature, or any element of such
electronic signature, the organ-
ization shall verify the identity of
the individual
N/A It will be the responsibility of the end user to
establish policies to meet the requirement of
this sub-section.
Same
11.50 (a) Signed electronic records shall
contain information associated with
the signing that clearly indicates all
of the following:
(1) The printed name of the
signer;
(2) The date and time when the
signature was executed; and
(3) The meaning (such as review,
approval, responsibility, or
authorship) associated with
the signature
Yes Authorization tool will allow the administrator
to require signing for key operations.
Same
11.70 Signature/record linking
Electronic signatures and hand-
written signatures executed
to electronic records shall be l inked
to their respective electronic records
to ensure that the signatures cannot
be excised, copied, or otherwise
transferred to falsify an electronic
record by ordinary means
Yes Xcalibur will support electronic signatures.
Handwritten signatures are not captured
electronically in Xcalibur and therefore cannot
be linked.
Handwritten
signatures will not
be linked to
electronic records.
11.100 (a) Each electronic signature shall be
unique to one individual and shall
not be reused by, or reassigned to,
anyone else
Yes Xcalibur, through Windows XP, will require
a user id and password. With the appropriate
policies and SOPs, the end user will be able to
use the user id as a valid electronic signature.
Same
11.100 (c) Persons using electronic signatures
shall, prior to or at the time of such
use, certify to the agency that the
electronic signatures in their
system, used on or after August 20,
1997, are intended to be the legally
binding equivalent of traditional
handwritten signatures.
continue
N/A It will be the responsibility of the end user to
establish policies and submit the appropriate
documentation.
Same
21CFRPart11Compliance
8/12/2019 21CFRPart11
6/8
8/12/2019 21CFRPart11
7/8
8/12/2019 21CFRPart11
8/8
2.3 Compliance Document Disclaimer
This document has been prepared and provided to you in order that you may
evaluate and understand Thermos position on supplying you with resources to
support 21 CFR Part 11 compliance. As either an existing or potential customer,
we at Thermo want to help you understand and address the needs of your
company in implementing and abiding by the FDA regulations. This document
does not recommend how to implement the regulations. It is meant to provide
you with information that you can use in complying with the regulations in yourlaboratory environment. Our customers are ultimately and solely responsible for
ensuring they meet compliance guidelines, however, we take seriously our role to
provide you with the information and tools to do this efficiently and effectively.
By providing you with our 21 CFR Part 11 Compliance Statement contained
herein, Thermo has made reasonable efforts to provide complete and accurate
information regarding compliance of our products. You should be aware that
regulations, interpretations of these regulations, and enforcement of these
regulations are continually evolving, and therefore we cannot guarantee that the
information contained within this document is complete, current, or necessarily
applies to every possible situation.
For third-party products, whether obtained directly from us or another distributor,we recommend that you consult directly with that third-party vendor concerning
their adherence to 21 CFR Part 11 compliance. In cases where we pass along
third-party compliance statements, we accept no responsibility for the verification
of accuracy or completeness.
Thermo Electron Corporation, its employees, or its agents or representatives in
connection with the information in this documents in no event shall be liable for
indirect, special, consequential or incidental damages, including but not limited
to loss of revenue, loss of profits, or loss of good will, regardless of whether we
(a) have been informed of the possibility of such damages, or (b) are negligent.
Thermos obligations and responsibilities regarding our products are governed
solely by the agreements under which they are sold or licensed. Nothing in thisstatement is intended to modify rights or obligations under any agreements or
to create any new rights or obligations between us and our customers.
Xcalibur Data System 21 CFR Part 11 Compliance
International
Offices
AustraliaTel. +61 2 8844 9500
AustriaTel. +43 1 333 50340
BelgiumTel. +32 2 482 30 30
CanadaTel. +1 800 532 4752
ChinaTel. +86 10 5850 3588
FranceTel. +33 1 60 92 48 00
GermanyTel. +49 6103 4080
IndiaTel. +91 22 2778 1101
ItalyTel. +39 02 950 591
JapanTel. +81 45 453 9100
Latin AmericaTel. +1 512 251 1503
NetherlandsTel. +31 76 587 98 88
NordicTel. +46 8 556 468 00
South AfricaTel. +27 11 570 1840
SpainTel. +34 91 657 4930
SwitzerlandTel. +41 61 48784 00
UKTel. +44 1442 233555
USATel. +1 800 532 4752
2005 Thermo Electron Corporation. All rights reserved. Microsoft and Windows are registered trademarks of Microsoft Corporation. All other trademarks are the property of ThermoElectron Corporation and its subsidiaries. We make no warranties, expressed or implied, in this product summary, and information is subject to change without notice. Printed in the USA.
www.thermo.com/ms-software WP61398_E 03/05S
The information in this publication is provided for reference only. All information contained in this publication is believed to be correct and complete.
Thermo Electron shall not be liable for errors contained herein nor for incidental or consequential damages in connection with the furnishing,
performance, or use of this material. Customers are ultimately responsible for validation of their systems. All product specifications, as well as the
information contained in this publication, are subject to change without notice.